Additionally, it is important to change your password and admin username if someone needs your password and admin username to login to do the job and will help you. After all of the work is finished, IMMEDIATELY change your password and admin username. Someone in their company may not be even if the man is trustworthy. Better to be safe than sorry!
Finally, installing the clean hacked wordpress site Scan plugin will check all this for you, and alert you that you may have missed. Additionally, it will inform you that a user named"admin" exists. That is your administrative user name. You can follow a link and find directions for changing that name, if you wish. Personally, I believe that a password is enough protection that is good, and there have been no successful attacks on the numerous sites that I run since I followed these steps.
Backup plug-ins is also important. You need to backup database and all the files so in the event of a sudden attack, you can bring your site back like nothing happened.
This is quite useful plugin, protecting you against brute-force password-crack strikes. It keeps track of the IP address of every failed login attempt. You can configure the plugin to disable login attempts when a certain number of attempts is reached.
Black and phrases that were whitelists based on which field they appear inside, in a page request. (unknown/numeric parameters vs. known post bodies, remark bodies, etc.).
Do your homework and some hunting, but if you are pressed for time and need to get this try the helpful resources WordPress safety plugin that I use. It is a relief to know that my website (and business!) are secure.